From: Andrey Konovalov <andreyknvl@google.com> To: Andrew Morton <akpm@linux-foundation.org>, Catalin Marinas <catalin.marinas@arm.com>, Vincenzo Frascino <vincenzo.frascino@arm.com>, Dmitry Vyukov <dvyukov@google.com>, Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com> Cc: Will Deacon <will.deacon@arm.com>, Andrey Ryabinin <aryabinin@virtuozzo.com>, Peter Collingbourne <pcc@google.com>, Evgenii Stepanov <eugenis@google.com>, Branislav Rankov <Branislav.Rankov@arm.com>, Kevin Brodsky <kevin.brodsky@arm.com>, kasan-dev@googlegroups.com, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com> Subject: [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS Date: Fri, 5 Feb 2021 18:34:47 +0100 [thread overview] Message-ID: <00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com> (raw) In-Reply-To: <cover.1612546384.git.andreyknvl@google.com> Hwardware tag-based KASAN only reports the first found bug. After that MTE tag checking gets disabled. Clarify this in comments and documentation. Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- Documentation/dev-tools/kasan.rst | 8 ++++++-- mm/kasan/hw_tags.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index e022b7506e37..1faabbe23e09 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -155,7 +155,7 @@ Boot parameters ~~~~~~~~~~~~~~~ Hardware tag-based KASAN mode (see the section about various modes below) is -intended for use in production as a security mitigation. Therefore it supports +intended for use in production as a security mitigation. Therefore, it supports boot parameters that allow to disable KASAN competely or otherwise control particular KASAN features. @@ -166,7 +166,8 @@ particular KASAN features. ``off``). - ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN - report or also panic the kernel (default: ``report``). + report or also panic the kernel (default: ``report``). Note, that tag + checking gets disabled after the first reported bug. For developers ~~~~~~~~~~~~~~ @@ -296,6 +297,9 @@ Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being enabled. Even when kasan.mode=off is provided, or when the hardware doesn't support MTE (but supports TBI). +Hardware tag-based KASAN only reports the first found bug. After that MTE tag +checking gets disabled. + What memory accesses are sanitised by KASAN? -------------------------------------------- diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index e529428e7a11..6c9285c906b8 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -48,7 +48,7 @@ EXPORT_SYMBOL(kasan_flag_enabled); /* Whether to collect alloc/free stack traces. */ DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace); -/* Whether panic or disable tag checking on fault. */ +/* Whether to panic or print a report and disable tag checking on fault. */ bool kasan_flag_panic __ro_after_init; /* kasan=off/on */ -- 2.30.0.365.g02bc693789-goog
WARNING: multiple messages have this Message-ID (diff)
From: Andrey Konovalov <andreyknvl@google.com> To: Andrew Morton <akpm@linux-foundation.org>, Catalin Marinas <catalin.marinas@arm.com>, Vincenzo Frascino <vincenzo.frascino@arm.com>, Dmitry Vyukov <dvyukov@google.com>, Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com> Cc: Branislav Rankov <Branislav.Rankov@arm.com>, Andrey Konovalov <andreyknvl@google.com>, Kevin Brodsky <kevin.brodsky@arm.com>, Will Deacon <will.deacon@arm.com>, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, Andrey Ryabinin <aryabinin@virtuozzo.com>, Peter Collingbourne <pcc@google.com>, Evgenii Stepanov <eugenis@google.com> Subject: [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS Date: Fri, 5 Feb 2021 18:34:47 +0100 [thread overview] Message-ID: <00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com> (raw) In-Reply-To: <cover.1612546384.git.andreyknvl@google.com> Hwardware tag-based KASAN only reports the first found bug. After that MTE tag checking gets disabled. Clarify this in comments and documentation. Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- Documentation/dev-tools/kasan.rst | 8 ++++++-- mm/kasan/hw_tags.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Documentation/dev-tools/kasan.rst b/Documentation/dev-tools/kasan.rst index e022b7506e37..1faabbe23e09 100644 --- a/Documentation/dev-tools/kasan.rst +++ b/Documentation/dev-tools/kasan.rst @@ -155,7 +155,7 @@ Boot parameters ~~~~~~~~~~~~~~~ Hardware tag-based KASAN mode (see the section about various modes below) is -intended for use in production as a security mitigation. Therefore it supports +intended for use in production as a security mitigation. Therefore, it supports boot parameters that allow to disable KASAN competely or otherwise control particular KASAN features. @@ -166,7 +166,8 @@ particular KASAN features. ``off``). - ``kasan.fault=report`` or ``=panic`` controls whether to only print a KASAN - report or also panic the kernel (default: ``report``). + report or also panic the kernel (default: ``report``). Note, that tag + checking gets disabled after the first reported bug. For developers ~~~~~~~~~~~~~~ @@ -296,6 +297,9 @@ Note, that enabling CONFIG_KASAN_HW_TAGS always results in in-kernel TBI being enabled. Even when kasan.mode=off is provided, or when the hardware doesn't support MTE (but supports TBI). +Hardware tag-based KASAN only reports the first found bug. After that MTE tag +checking gets disabled. + What memory accesses are sanitised by KASAN? -------------------------------------------- diff --git a/mm/kasan/hw_tags.c b/mm/kasan/hw_tags.c index e529428e7a11..6c9285c906b8 100644 --- a/mm/kasan/hw_tags.c +++ b/mm/kasan/hw_tags.c @@ -48,7 +48,7 @@ EXPORT_SYMBOL(kasan_flag_enabled); /* Whether to collect alloc/free stack traces. */ DEFINE_STATIC_KEY_FALSE(kasan_flag_stacktrace); -/* Whether panic or disable tag checking on fault. */ +/* Whether to panic or print a report and disable tag checking on fault. */ bool kasan_flag_panic __ro_after_init; /* kasan=off/on */ -- 2.30.0.365.g02bc693789-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-02-05 17:45 UTC|newest] Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-02-05 17:34 [PATCH v3 mm 00/13] kasan: optimizations and fixes for HW_TAGS Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 01/13] kasan, mm: don't save alloc stacks twice Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 02/13] kasan, mm: optimize kmalloc poisoning Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 03/13] kasan: optimize large " Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 04/13] kasan: clean up setting free info in kasan_slab_free Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 05/13] kasan: unify large kfree checks Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 06/13] kasan: rework krealloc tests Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 07/13] kasan, mm: fail krealloc on freed objects Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 08/13] kasan, mm: optimize krealloc poisoning Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-08 10:48 ` Marco Elver 2021-02-08 10:48 ` Marco Elver 2021-02-09 13:24 ` Andrey Konovalov 2021-02-09 13:24 ` Andrey Konovalov 2021-02-09 13:24 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 09/13] kasan: ensure poisoning size alignment Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 10/13] arm64: kasan: simplify and inline MTE functions Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` [PATCH v3 mm 11/13] kasan: inline HW_TAGS helper functions Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-08 11:04 ` Marco Elver 2021-02-08 11:04 ` Marco Elver 2021-02-05 17:34 ` [PATCH v3 mm 12/13] arm64: kasan: export MTE symbols for KASAN tests Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov [this message] 2021-02-05 17:34 ` [PATCH v3 mm 13/13] kasan: clarify that only first bug is reported in HW_TAGS Andrey Konovalov 2021-02-05 17:34 ` Andrey Konovalov 2021-02-08 11:06 ` Marco Elver 2021-02-08 11:06 ` Marco Elver
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=00383ba88a47c3f8342d12263c24bdf95527b07d.1612546384.git.andreyknvl@google.com \ --to=andreyknvl@google.com \ --cc=Branislav.Rankov@arm.com \ --cc=akpm@linux-foundation.org \ --cc=aryabinin@virtuozzo.com \ --cc=catalin.marinas@arm.com \ --cc=dvyukov@google.com \ --cc=elver@google.com \ --cc=eugenis@google.com \ --cc=glider@google.com \ --cc=kasan-dev@googlegroups.com \ --cc=kevin.brodsky@arm.com \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=pcc@google.com \ --cc=vincenzo.frascino@arm.com \ --cc=will.deacon@arm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.